| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | David Fetter <david(at)fetter(dot)org> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Andres Freund <andres(at)anarazel(dot)de>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_ls_dir & friends still have a hard-coded superuser check |
| Date: | 2017-01-29 22:52:51 |
| Message-ID: | CA+TgmoYoCm4mHi6F34ToGwdhBDJHO+vYOMdKzCfrBYneZ5+2bQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Jan 29, 2017 at 5:39 PM, David Fetter <david(at)fetter(dot)org> wrote:
> On Thu, Jan 26, 2017 at 08:50:27AM -0500, Robert Haas wrote:
>> On Wed, Jan 25, 2017 at 10:31 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> > Frankly, I get quite tired of the argument essentially being made
>> > here that because pg_ls_dir() wouldn't grant someone superuser
>> > rights, that we should remove superuser checks from everything.
>> > As long as you are presenting it like that, I'm going to be quite
>> > dead-set against any of it.
>> 1. pg_ls_dir. I cannot see how this can ever be used to get
>> superuser privileges.
>
> With pilot error, all things are possible. A file name under $PGDATA
> could be the superuser password.
Uh, true. The default value of application_name could be the
superuser password, too, but we still allow access to it by
unprivileged users.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Fetter | 2017-01-29 22:56:30 | Re: pg_ls_dir & friends still have a hard-coded superuser check |
| Previous Message | David Fetter | 2017-01-29 22:39:56 | Re: pg_ls_dir & friends still have a hard-coded superuser check |